whois
-----

CVE Number: 
CVE-2000-0010, CAN-1999-0983, CAN-1999-0984, CAN-1999-0985

Details:
The whois cgi script was found on the system. There are several vulnerable
versions of this script -- WebWho+, the Whois Internic Lookup program, Matt's
Whois program, CC Whois, and KW whois. All allow for remote command execution.

Fix:
It is recommended that the file be removed from the system, or either a 
vendor patch or secure alternative be used.

Related URLs:
http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-12-22&msg=19991226093620.BA0961EE87@lists.securityfocus.com
http://www.securityfocus.com/templates/archive.pike?list=1&date=1999-11-8&msg=19991210025310.B82291F23E@lists.securityfocus.com

$Id: whois,v 1.2 2001/01/03 22:11:28 loveless Exp $
